Sgt. Frank Kardasz of the Phoenix, Ariz., Police Department and director of Arizona's Internet Crimes Against Children (ICAC) Task Force, believes these changes will greatly aid law enforcement's ability to investigate cybercrimes. His department currently faxes subscriber information requests to the ISP then waits for a return fax. "This is a sometimes lethargic process that might be better facilitated through secure Internet communications," he says.
ISP data storage also presents more than a few challenges. Different providers store data for differing lengths of time. "[They] typically do not preserve data for law enforcement investigative purposes unless a special request is made," Kardasz says. "In our work with crimes against children, we sometimes do not get the first complaint about an offense until months after it occurred. If the ISP has not retained basic subscriber data, that trail is cold and dead before we can even begin to find the offender."
However, companies cannot hold this information forever. A recent survey showed teens alone send and receive an average of 2,300 texts per month, then there are e-mails, instant messages and social networking updates. "There's a huge cost for ISPs to hold on to all of that information; the storage needs would be tremendous," she says.
And expect some pushback from privacy advocates. "As citizens, do we want law enforcement to have direct access to all of our communications content?" she asks. "When does it become too much surveillance?"
Too hot to handle
The above changes are down the road, so what does the local department do now when a cyber case proves too hot to handle? The answer? Call in those with the high-tech expertise to take it on.
"You've got to do something, even if your department cannot help," says Shipley. "You still need to take the report, collect preliminary information and get the appropriate agencies involved."
That's not possible, however, if agencies do not know who to call in the first place. Aftab recommends reaching out to ISP providers, social networking sites, area high-tech crimes task forces, local experts and so on to compile contact info into a database or book that sits by every department phone and in every squad car.
"You need to know who to call in the middle of the night," she explains. "If someone kidnaps a 4 year old during the night, you need to who to call at MySpace, Facebook, AOL, or wherever. You need to know who's available to help you with that case." (See "Recommended Partnerships" at right.)
Develop a plan for how to work with these experts. Shipley holds up ICAC task forces as prime examples of how such cooperation should look. This organization gathered state and local agencies to discuss Internet predators then collaborated with them to form national response teams. "This is a group that's worked on a national level to develop a strategy of response to a national problem using local and state resources," he says. "And they've done a very, very good job."
National attention to cybercrime must continue, he adds, but it must drill down to the local level for any strategy to be successful. Answers are needed as to how state and local agencies can and will be involved, what guidance the federal government will provide, what first responders need to know and do, and how these cases will be investigated and built.
Protecting digital borders involves everything from securing U.S. infrastructure from international cyber attacks to shielding U.S. citizens from cyber miscreants. "It's an issue that involves everybody but it's one that's been overlooked for a long, long time," Shipley says. "The Internet is a global network — it has a lot of victims. It's certainly a much bigger problem than all of us. But we have a responsibility to our community to take it on."
Ronnie Garrett, formerly the editorial director of the Cygnus Law Enforcement Group, is a freelance writer and photographer living in Wisconsin. She may be reached through her Web site at www.garrettncostudios.com.
Parry Aftab, a lawyer specializing in Internet privacy and security law and the executive director of WiredSafety.org, recommends reaching out to the following organizations as well to form partnerships in advance of a case.